66-44
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 66 Viewing Events
Using Event Viewer
Filtering on a Text String
Use the quick filter to search for text strings in events. As you type a search keyword, the events table
automatically excludes non-matching events as you type. You can search on all columns (the default), or
you can select a specific column in which to search.
The following illustration shows the quick filter, which is on the right of the event table toolbar (see
Event Table Toolbar, page 66-14).
To perform a search, simply type in the search string. To change how the string is evaluated, click the
down arrow next to the Q (magnifying glass) in the left of the edit box. You can limit the search scope
using these controls:
Column name—Select a specific column to search only within that column. The list includes all
columns currently displayed in the table. The default is to search all columns.
Case sensitivity—Select Case sensitive or Case insensitive to control whether capitalization is
considered when selecting matches. The default is case insensitive.
Wild card usage—Select Use Wild Cards to have the following characters evaluated as wild cards:
* (asterisk)—matches 0 or more characters.
? (question mark)—matches one character.
Match method—Select one of the following to determine the location within a cell that the search
string should reside:
Match from start—The string must be at the beginning of the cell.
Match exactly—The cell must contain all and only the search string.
Match anywhere—The string can appear anywhere within the cell.
To remove the search string, simply delete it from the quick filter edit box.
For example, if you want to find events that relate to ports that start with tcp/48, type tcp/48 into the
quick filter. In the following illustration, note that all but six events are filtered out of the table. In this
example, the search string is found in the Source Service column for the first five events, but in the
Destination Service column for the sixth event. If you know beforehand that you are interested in
destination services only, you could select Destination Service from the quick filter drop-down list and
the table would show the last event only.
Clearing Filters
When you apply filters to the event table, non-matching events are not displayed. You might find that
you need to see the non-matching events. You can either open a different view that applies different (or
no) filters, or you can clear filters from the current view.